snapd

Bug #1939949
Comment #13

Comment 13 for bug 1939949

Revision history for this message

Heather Lemon (hypothetical-lemon) wrote on 2024-03-28:

#13

Hello,

I ran a kprobe on apparmor.

# kprobe command
perf probe common_lsm_audit
# perf command & tail syslog to watch for warning messages from aa_
perf record -e probe:common_lsm_audit -a -g sleep 400

amd64 115533 [002] 83559.450382: probe:common_lsm_audit: (ffffffffb467d2f0)
        ffffffffb467d2f1 common_lsm_audit+0x1 ([kernel.kallsyms])
        ffffffffb46a3fa7 aa_audit_file+0x127 ([kernel.kallsyms])
        ffffffffb46a46b1 __aa_path_perm+0xa1 ([kernel.kallsyms])
        ffffffffb46a47a9 profile_path_perm.part.0+0x79 ([kernel.kallsyms])
        ffffffffb46a48ad aa_path_perm+0xdd ([kernel.kallsyms])
        ffffffffb46a1470 apparmor_file_open+0x1e0 ([kernel.kallsyms])
        ffffffffb465012b security_file_open+0x2b ([kernel.kallsyms])
        ffffffffb44cf5ef do_dentry_open+0xdf ([kernel.kallsyms])
        ffffffffb44d0fdd vfs_open+0x2d ([kernel.kallsyms])
        ffffffffb44e5d64 do_last+0x194 ([kernel.kallsyms])
        ffffffffb44e655d path_openat+0x8d ([kernel.kallsyms])
        ffffffffb44e7bd1 do_filp_open+0x91 ([kernel.kallsyms])
        ffffffffb44d12fe do_sys_open+0x17e ([kernel.kallsyms])
        ffffffffb44d1490 __x64_sys_openat+0x20 ([kernel.kallsyms])
        ffffffffb4204fe7 do_syscall_64+0x57 ([kernel.kallsyms])
        ffffffffb4e000a4 entry_SYSCALL_64_after_hwframe+0x5c ([kernel.kallsyms])
                  4abaea [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)
                  4d14bb [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)
                  4cffc5 [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)
                  6a479a [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)

# binary
/snap/maas/33860/usr/share/maas/machine-resources/amd64

# MAAS code
https://git.launchpad.net/maas/tree/src/host-info/Makefile?h=3.5
https://git.launchpad.net/maas/tree/src/host-info/pkg/info/info.go?h=3.5
func getResources() (*lxdapi.Resources, error) {
return resources.GetResources()
}
https://github.com/casual-lemon/maas/blob/master/src/host-info/pkg/info/info.go#L167
https://github.com/canonical/lxd/blob/aab7941c0270a21586ed1923adf6ec4f5a0b8cf3/lxd/resources/resources.go#L10
https://github.com/canonical/lxd/blob/aab7941c0270a21586ed1923adf6ec4f5a0b8cf3/lxd/resources/storage.go#L133
// Detect all block devices
if sysfsExists(sysClassBlock) {
entries, err := os.ReadDir(sysClassBlock)

I followed the Maas source code, and it uses the LXD API to make a call to storage.go which tries to access any block devices on the host.

Cheers,
Heather Lemon

Hello,

I ran a kprobe on apparmor.

# kprobe command 
perf probe common_lsm_audit
# perf command & tail syslog to watch for warning messages from aa_
perf record -e probe:common_lsm_audit -a -g sleep 400

# binary
/snap/maas/33860/usr/share/maas/machine-resources/amd64

# MAAS code
https://git.launchpad.net/maas/tree/src/host-info/Makefile?h=3.5
https://git.launchpad.net/maas/tree/src/host-info/pkg/info/info.go?h=3.5
func getResources() (*lxdapi.Resources, error) {
	return resources.GetResources()
}
https://github.com/casual-lemon/maas/blob/master/src/host-info/pkg/info/info.go#L167
https://github.com/canonical/lxd/blob/aab7941c0270a21586ed1923adf6ec4f5a0b8cf3/lxd/resources/resources.go#L10
https://github.com/canonical/lxd/blob/aab7941c0270a21586ed1923adf6ec4f5a0b8cf3/lxd/resources/storage.go#L133
// Detect all block devices
	if sysfsExists(sysClassBlock) {
		entries, err := os.ReadDir(sysClassBlock)

I followed the Maas source code, and it uses the LXD API to make a call to storage.go which tries to access any block devices on the host.

Cheers,
Heather Lemon